2007-01-15 22:50:57 +00:00
#
# AIDE _Example_ Configuration
#
# Thanks to the Debian people and Dirk Müller <dmuell@gmx.net>
#
# Use at your own risk!
#
# Matthias G. Eckermann <mge@suse.de>
#

#
# Configuration parameters
#
database_in=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
report_url=stdout
warn_dead_symlinks=yes

#
# Custom rules
#
Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512
ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512
Logs = p+i+n+u+g+S
Devices = p+i+n+u+g+s+b+c+sha256+sha512
Databases = p+n+u+g
StaticDir = p+i+n+u+g
ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512

#
# Directories and files
#
# Kernel, system map, etc.
/boot Binlib

# watch config files, but exclude, what changes at boot time, ...
!/etc/mtab
!/etc/lvm*
/etc ConfFiles

# Binaries
/bin Binlib
/sbin Binlib

# Libraries
/lib Binlib

# Complete /usr and /opt
/usr Binlib
/opt Binlib

# Log files
/var/log$ StaticDir
#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
#/var/log/aide/error.log(.[0-9])?(.gz)? Databases
#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
/var/log Logs

# Devices
!/dev/pts
/dev Devices

# Other miscellaneous files
/var/run$ StaticDir
!/var/run
/var/lib Databases

# Test only the directory when dealing with /proc
/proc$ StaticDir
!/proc

# manpages can be trojaned, especially depending on *roff implementation
#/usr/man ManPages
#/usr/share/man ManPages
#/usr/local/man ManPages

# check sources for modifications
#/usr/src L
#/usr/local/src L

# Check headers for same
#/usr/include L
#/usr/local/include L
Accepting request 874862 from home:polslinux:branches:security

- Update to 0.17.3:
  * BACKWARDS INCOMPATIBLE CHANGES
    - '--verbose' command line option and 'verbose' config option are no
      longer supported, use 'log_level' and 'report_level' options instead
    - '--report' command line option is no longer supported, use
      'report_url' config option instead
    - 'ignore_list' config option is no longer supported, use
      'report_ignore_changed_attrs' instead
    - 'report_attributes' config option is no longer supported, use
      'report_force_attrs' instead
    - (restricted) regular rules must start with literal '/', i.e. the rule
      cannot begin with a macro variable
    - config lines must end with new line
    - '@' and ' ' in the configuration are now escaped with '\', that means
      to match a '\' you have to use four backslashes '\\\\' in your rules
    - 'gzip_dbout=false' fails now with config error when no zlib support
      is compiled in
    - remove '--with-initial-errors' configure option
    - remove PostgreSQL database backend support
    - remove Sun ACL support
    - remove config and database signing support
  * Enhancements:
    - add new '--log-level' command line option and 'log_level' config option
    - introduce named log levels
    - add new 'report' log level to help to debug rule matching
    - add new 'config' log level to help to debug config and rule parsing
    - add new '--dry-init' command
    - add new '--path-check' command
    - add directory support for @@include
    - add new @@x_include config macro
    - add new @@x_include_setenv config macro
    - add new default compound group 'H' (all compiled-in hashsums)
    - add support for per-report_url options
    - add new 'report_level' config option
    - add new 'report_append' config option
    - add exit code 21 for file lock errors
    - add default config values, available hashsums and compound groups
      to '--version' output
    - add Linux capabilities support
    - show changed attributes in 'different attributes' message
    - enable 'gost' and 'whirlpool' checksums when using gcrypt
    - add 'stribog256' and 'stribog512' gcrypt algorithms
    - add config file names to log output
  * Miscellaneous behaviour changes:
    - 'report_summarize_changes': hashsum changes are now indicated with 'H'
    - print '--help' and '--version' output to stdout
    - log messages and errors are always written to stderr
    - initialise report URLs after configuration parsing
    - allow empty values for macro variables
    - SIGUSR1 now toggles debug log level
    - fail on errors in regular expressions during config parsing
    - fail on invalid URLs during config check
    - Fail on double slash in rule path
    - cache log lines when 'log_level' is not yet set
  * Deprecations:
    - 'database' config option is now deprecated, use 'database_in' instead
    - 'summarize_changes' config option is now deprecated, use
      'report_summarize_changes' instead
    - 'grouped' config option is now deprecated, use 'report_grouped'
      instead
    - non-alphanumeric group names are deprecated
  * Notable bug fixes:
    - fix line numbers in log messages
    - remove warning when input database is '/dev/null'
    - correctly handle UTF-8 in path names and rules
    - fix compilation with curl and gcrypt
    - warn on unsupported hash algorithms
    - improve large-file support
  * Remove obsolete aide-attributes.sh script
  * Remove outdated manual.html
  * Update documentation
- Rename and rebase aide-0.17.3-as-needed.patch
- Rebase aide-xattr-in-libc.patch
- Remove aide-define_hash_use_gcrypt.patch (no longer needed)
- Remove aide-dynamic.patch (no longer needed)

OBS-URL: https://build.opensuse.org/request/show/874862
OBS-URL: https://build.opensuse.org/package/show/security/aide?expand=0&rev=38
2021-02-24 13:32:29 +00:00
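A pre-0.17 aide.conf that still uses the removed or deprecated options listed in the changelog above will stop parsing or start warning after this update, which silently ends integrity checking if the cron job's failure goes unnoticed. The following linter is an added example, not code from the AIDE project or the openSUSE package; it covers only the option renames, the macro-variable rule start and the double-slash check named in the changelog, and `OLD_CONF` with its paths is a constructed sample.

```python
import re

# Option names and replacements as listed in the 0.17.3 changelog above.
REMOVED = {"verbose": "log_level and report_level",
           "ignore_list": "report_ignore_changed_attrs",
           "report_attributes": "report_force_attrs"}
DEPRECATED = {"database": "database_in",
              "summarize_changes": "report_summarize_changes",
              "grouped": "report_grouped"}

# Constructed pre-0.17 sample (hypothetical paths), not taken from the page.
OLD_CONF = """\
# old-style configuration
database=file:/var/lib/aide/aide.db
verbose=5
summarize_changes=yes
@@define TOPDIR /srv
Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512
@@{TOPDIR}/app Binlib
/usr//local Binlib
!/etc/mtab
/etc Binlib
"""

def lint_aide_conf(text):
    """Return (line_number, severity, message) findings for a config string."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@@{"):
            # Rule path begins with a macro variable instead of a literal '/'.
            findings.append((no, "error", "rule must start with literal '/'"))
        elif line.startswith("@@"):
            continue  # @@define, @@include and other macro directives
        elif (opt := re.match(r"(\w+)\s*=", line)):
            name = opt.group(1)  # config option or group definition
            if name in REMOVED:
                findings.append((no, "error", f"'{name}' is no longer supported, use {REMOVED[name]}"))
            elif name in DEPRECATED:
                findings.append((no, "warning", f"'{name}' is deprecated, use {DEPRECATED[name]}"))
        elif "//" in line.split()[0].lstrip("!="):
            findings.append((no, "error", "double slash in rule path"))
    return findings

if __name__ == "__main__":
    for no, severity, message in lint_aide_conf(OLD_CONF):
        print(f"line {no}: {severity}: {message}")
```

Running it over the example configuration on this page yields no findings, since that file already uses `database_in` and `report_url`.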